<?php
@session_start();
if(isset($_POST["submit"]))
{
$username = $_POST["username"];
$password = md5(sha1($_POST["password"]));
$code = $_POST['code_num'];
require_once ("dbconnect.php"); 
$query = "SELECT id FROM `admin` WHERE `username` = '$username'AND `password`= '$password' ";
$result=mysql_query($query);

if((mysql_num_rows($result)>0)&&($code==$_SESSION['helloweba_num']))
{
$_SESSION['username']=$username;
echo'<!doctype html>
<html>  
<head>
<meta charset="utf-8" />
<title>登陆成功</title>
</head>
<body>
<div align="center">
<p>感谢您登陆成功!</p>  
<span class="copyright">CopyRight 2014-2015 <a href="https://yanyu-dyh.rhcloud.com/">@虎哥style</a></span>
</div>
<script type="text/javascript"> 
setTimeout("myfun()",1000);
function myfun()
{
window.location.href ="list.php";
}
</script> 
</body>
</html>';
}
/*

*/

else{
 echo'<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<title>登陆失败</title>
</head>
<body>
<div align="center">
<p>用户名、密码或验证码错误！请重新填写！</p>  
<span class="copyright">CopyRight 2014-2015 <a href="https://yanyu-dyh.rhcloud.com/">@虎哥style</a></span>
</div>
<script type="text/javascript"> 
setTimeout("myfun()",1000);
function myfun()
{
window.location.href ="login.html";
}
</script> 
</body>
</html>';
 }
}
else
{
echo'<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<title>非法操作</title>
</head>
<body>
<p>&#35831;重新提交表单！</p>
</body>
</html>';
}
?>